Injection Vulnerability in cgiemail and cgiecho Products by cPanel
CVE-2017-5615

6.1 MEDIUM

Key Information:

Vendor: cPanel
CVE Published: 3 March 2017

Summary

The cgiemail and cgiecho products have a vulnerability that allows an attacker to perform remote header injection. By exploiting this flaw, a malicious user can inject newline characters into the redirect location, potentially leading to the execution of arbitrary commands or scripts. This poses significant risks as it may facilitate phishing attacks or data manipulation. It is important for users of these products to apply necessary security updates and implement proper input validation to mitigate the risk.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
